/*
 *  Copyright 2004 Blandware (http://www.blandware.com)
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package com.blandware.atleap.webapp.action.core.user;

import com.blandware.atleap.common.Constants;
import com.blandware.atleap.common.util.StringUtil;
import com.blandware.atleap.model.core.User;
import com.blandware.atleap.service.core.UserManager;
import com.blandware.atleap.webapp.acegi.UserManagerDaoImpl;
import com.blandware.atleap.webapp.action.core.BaseAction;
import com.blandware.atleap.webapp.form.core.UserForm;
import com.blandware.atleap.webapp.util.core.RequestUtil;
import com.blandware.atleap.webapp.util.core.WebappUtil;
import org.apache.commons.validator.GenericValidator;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import org.springframework.orm.ObjectOptimisticLockingFailureException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * <p>Updates user
 * </p>
 * <p><a href="UpdateUserAction.java.html"><i>View Source</i></a></p>
 * <p/>
 *
 * @author Sergey Zubtsovskiy <a href="mailto:sergey.zubtsovskiy@blandware.com">&lt;sergey.zubtsovskiy@blandware.com&gt;</a>
 * @version $Revision: 1.32 $ $Date: 2008/04/29 17:51:49 $
 * @struts.action path="/core/user/update"
 * name="userForm"
 * scope="request"
 * input="inputForward"
 * validate="true"
 * roles="core-user-update, core-user-updateOneself"
 * @struts.action-forward name="inputForward"
 * path=".core.user.update"
 * @struts.action-forward name="callUpdateUser"
 * path="/core/user/callUpdate.do?com.blandware.atleap.LOGGING_IN=true"
 * redirect="false"
 * @struts.action-forward name="listUsers"
 * path="/core/user/list.do"
 * redirect="true"
 * @struts.action-forward name="unsatisfiable"
 * path="/core/user/list.do"
 */
public final class UpdateUserAction extends BaseAction {
    /**
     * @param mapping  The ActionMapping used to select this instance
     * @param form     The optional ActionForm bean for this request (if any)
     * @param request  The HTTP request we are proceeding
     * @param response The HTTP response we are creating
     * @return an ActionForward instance describing where and how
     *         control should be forwarded, or null if response
     *         has already been completed
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response) throws Exception {

        HttpSession session = request.getSession();

        if ( !isCancelled(request) ) {
            UserForm userForm = (UserForm) form;

            String userName = userForm.getName();
            if ( GenericValidator.isBlankOrNull(userName) ) {
                if ( log.isWarnEnabled() ) {
                    log.warn("Missing user name. Returning to list...");
                }
                return mapping.findForward("listUsers");
            }


            if ( !userName.equals(request.getRemoteUser()) && !request.isUserInRole("core-user-update") ) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return null;
            }

            UserManager userManager = (UserManager) getBean(Constants.USER_MANAGER_BEAN);

            User user = userManager.retrieveUser(userName);

            if ( user == null ) {
                // user not found. it might be deleted by someone else
                ActionMessages errors = new ActionMessages();
                errors.add("userNotFound", new ActionMessage("core.user.errors.notFound"));
                saveErrors(request, errors);
                return mapping.findForward("listUsers");
            }

            String oldPassword = user.getPassword();

            WebappUtil.copyProperties(user, userForm, request);

            boolean encryptPassword = ((Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD)).booleanValue();
            boolean changePassword = false;
            String newPassword = userForm.getUpdatePassword();

            if ( GenericValidator.isBlankOrNull(newPassword) ) {
                user.setPassword(oldPassword);
            } else {

                // check if user is authenticated using Remember Me feature. If it is so, password cannot be changed
                if ( (RequestUtil.getCookie(request, Constants.LOGIN_COOKIE) != null)
                        && (session.getAttribute("cookieLogin") != null)
                        && (request.getRemoteUser().equalsIgnoreCase(userForm.getName())) ) {
                    // password cannot be changed
                    
                    // password has already been changed to 'oldPassword', so
                    // roll it back
                    user.setPassword(oldPassword);

                    ActionMessages errors = new ActionMessages();
                    errors.add("passwordCannotBeChanged", new ActionMessage("core.user.errors.passwordCannotBeChanged"));
                    saveErrors(request, errors);
                    saveToken(request);
                    return mapping.getInputForward();
                }

                if ( encryptPassword ) {
                    String encAlgorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
                    newPassword = StringUtil.encodePassword(newPassword, encAlgorithm);
                }
                user.setPassword(newPassword);
                changePassword = true;
            }

            try {
                userManager.updateUser(user);

                if (changePassword) {
                    refreshPassword(request, user);
                }
            } catch ( ObjectOptimisticLockingFailureException e ) {
                // user was updated or deleted by another transaction
                ActionMessages errors = new ActionMessages();
                errors.add("updateFailed", new ActionMessage("core.user.errors.updateFailed"));
                saveErrors(request, errors);
                return mapping.findForward("callUpdateUser");
            }

        }

        if ( !request.isUserInRole("core-user-list") ) {
            return mapping.findForward("admin");
        }

        return mapping.findForward("listUsers");
    }

    /**
     * Refresh password in Acegi if we change password for current user
     * @param request request
     * @param user user for which we change password
     */
    private void refreshPassword(HttpServletRequest request, User user) {
        if (user.getName().equals(request.getRemoteUser())) {
        	UserManagerDaoImpl userManagerDaoImpl = (UserManagerDaoImpl) getBean(Constants.USER_DETAILS_SERVICE_BEAN);
        	userManagerDaoImpl.updateUser(user);
        }
    }

}